Mercurial > hg > CbC > CbC_gcc
comparison gcc/analyzer/sm.h @ 145:1830386684a0
gcc-9.2.0
| author | anatofuz |
|---|---|
| date | Thu, 13 Feb 2020 11:34:05 +0900 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 131:84e7813d76e9 | 145:1830386684a0 |
|---|---|
| 1 /* Modeling API uses and misuses via state machines. | |
| 2 Copyright (C) 2019-2020 Free Software Foundation, Inc. | |
| 3 Contributed by David Malcolm <dmalcolm@redhat.com>. | |
| 4 | |
| 5 This file is part of GCC. | |
| 6 | |
| 7 GCC is free software; you can redistribute it and/or modify it | |
| 8 under the terms of the GNU General Public License as published by | |
| 9 the Free Software Foundation; either version 3, or (at your option) | |
| 10 any later version. | |
| 11 | |
| 12 GCC is distributed in the hope that it will be useful, but | |
| 13 WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 15 General Public License for more details. | |
| 16 | |
| 17 You should have received a copy of the GNU General Public License | |
| 18 along with GCC; see the file COPYING3. If not see | |
| 19 <http://www.gnu.org/licenses/>. */ | |
| 20 | |
| 21 #ifndef GCC_ANALYZER_SM_H | |
| 22 #define GCC_ANALYZER_SM_H | |
| 23 | |
| 24 /* Utility functions for use by state machines. */ | |
| 25 | |
| 26 extern tree is_zero_assignment (const gimple *stmt); | |
| 27 extern bool any_pointer_p (tree var); | |
| 28 | |
| 29 namespace ana { | |
| 30 | |
| 31 class state_machine; | |
| 32 class sm_context; | |
| 33 class pending_diagnostic; | |
| 34 | |
| 35 /* An abstract base class for a state machine describing an API. | |
| 36 A mapping from state IDs to names, and various virtual functions | |
| 37 for pattern-matching on statements. */ | |
| 38 | |
| 39 class state_machine : public log_user | |
| 40 { | |
| 41 public: | |
| 42 typedef unsigned state_t; | |
| 43 | |
| 44 state_machine (const char *name, logger *logger) | |
| 45 : log_user (logger), m_name (name) {} | |
| 46 | |
| 47 virtual ~state_machine () {} | |
| 48 | |
| 49 /* Should states be inherited from a parent region to a child region, | |
| 50 when first accessing a child region? | |
| 51 For example we should inherit the taintedness of a subregion, | |
| 52 but we should not inherit the "malloc:non-null" state of a field | |
| 53 within a heap-allocated struct. */ | |
| 54 virtual bool inherited_state_p () const = 0; | |
| 55 | |
| 56 const char *get_name () const { return m_name; } | |
| 57 | |
| 58 const char *get_state_name (state_t s) const; | |
| 59 | |
| 60 /* Return true if STMT is a function call recognized by this sm. */ | |
| 61 virtual bool on_stmt (sm_context *sm_ctxt, | |
| 62 const supernode *node, | |
| 63 const gimple *stmt) const = 0; | |
| 64 | |
| 65 virtual void on_phi (sm_context *sm_ctxt ATTRIBUTE_UNUSED, | |
| 66 const supernode *node ATTRIBUTE_UNUSED, | |
| 67 const gphi *phi ATTRIBUTE_UNUSED, | |
| 68 tree rhs ATTRIBUTE_UNUSED) const | |
| 69 { | |
| 70 } | |
| 71 | |
| 72 virtual void on_condition (sm_context *sm_ctxt, | |
| 73 const supernode *node, | |
| 74 const gimple *stmt, | |
| 75 tree lhs, enum tree_code op, tree rhs) const = 0; | |
| 76 | |
| 77 /* Return true if it safe to discard the given state (to help | |
| 78 when simplifying state objects). | |
| 79 States that need leak detection should return false. */ | |
| 80 virtual bool can_purge_p (state_t s) const = 0; | |
| 81 | |
| 82 /* Called when VAR leaks (and !can_purge_p). */ | |
| 83 virtual pending_diagnostic *on_leak (tree var ATTRIBUTE_UNUSED) const | |
| 84 { | |
| 85 return NULL; | |
| 86 } | |
| 87 | |
| 88 void validate (state_t s) const; | |
| 89 | |
| 90 void dump_to_pp (pretty_printer *pp) const; | |
| 91 | |
| 92 protected: | |
| 93 state_t add_state (const char *name); | |
| 94 | |
| 95 private: | |
| 96 DISABLE_COPY_AND_ASSIGN (state_machine); | |
| 97 | |
| 98 const char *m_name; | |
| 99 auto_vec<const char *> m_state_names; | |
| 100 }; | |
| 101 | |
| 102 /* Is STATE the start state? (zero is hardcoded as the start state). */ | |
| 103 | |
| 104 static inline bool | |
| 105 start_start_p (state_machine::state_t state) | |
| 106 { | |
| 107 return state == 0; | |
| 108 } | |
| 109 | |
| 110 /* Abstract base class for state machines to pass to | |
| 111 sm_context::on_custom_transition for handling non-standard transitions | |
| 112 (e.g. adding a node and edge to simulate registering a callback and having | |
| 113 the callback be called later). */ | |
| 114 | |
| 115 class custom_transition | |
| 116 { | |
| 117 public: | |
| 118 virtual ~custom_transition () {} | |
| 119 virtual void impl_transition (exploded_graph *eg, | |
| 120 exploded_node *src_enode, | |
| 121 int sm_idx) = 0; | |
| 122 }; | |
| 123 | |
| 124 /* Abstract base class giving an interface for the state machine to call | |
| 125 the checker engine, at a particular stmt. */ | |
| 126 | |
| 127 class sm_context | |
| 128 { | |
| 129 public: | |
| 130 virtual ~sm_context () {} | |
| 131 | |
| 132 /* Get the fndecl used at call, or NULL_TREE. | |
| 133 Use in preference to gimple_call_fndecl (and gimple_call_addr_fndecl), | |
| 134 since it can look through function pointer assignments and | |
| 135 other callback handling. */ | |
| 136 virtual tree get_fndecl_for_call (const gcall *call) = 0; | |
| 137 | |
| 138 /* Called by state_machine in response to pattern matches: | |
| 139 if VAR is in state FROM, transition it to state TO, potentially | |
| 140 recording the "origin" of the state as ORIGIN. | |
| 141 Use NODE and STMT for location information. */ | |
| 142 virtual void on_transition (const supernode *node, const gimple *stmt, | |
| 143 tree var, | |
| 144 state_machine::state_t from, | |
| 145 state_machine::state_t to, | |
| 146 tree origin = NULL_TREE) = 0; | |
| 147 | |
| 148 /* Called by state_machine in response to pattern matches: | |
| 149 issue a diagnostic D if VAR is in state STATE, using NODE and STMT | |
| 150 for location information. */ | |
| 151 virtual void warn_for_state (const supernode *node, const gimple *stmt, | |
| 152 tree var, state_machine::state_t state, | |
| 153 pending_diagnostic *d) = 0; | |
| 154 | |
| 155 virtual tree get_readable_tree (tree expr) | |
| 156 { | |
| 157 return expr; | |
| 158 } | |
| 159 | |
| 160 virtual state_machine::state_t get_global_state () const = 0; | |
| 161 virtual void set_global_state (state_machine::state_t) = 0; | |
| 162 | |
| 163 /* A vfunc for handling custom transitions, such as when registering | |
| 164 a signal handler. */ | |
| 165 virtual void on_custom_transition (custom_transition *transition) = 0; | |
| 166 | |
| 167 protected: | |
| 168 sm_context (int sm_idx, const state_machine &sm) | |
| 169 : m_sm_idx (sm_idx), m_sm (sm) {} | |
| 170 | |
| 171 int m_sm_idx; | |
| 172 const state_machine &m_sm; | |
| 173 }; | |
| 174 | |
| 175 | |
| 176 /* The various state_machine subclasses are hidden in their respective | |
| 177 implementation files. */ | |
| 178 | |
| 179 extern void make_checkers (auto_delete_vec <state_machine> &out, | |
| 180 logger *logger); | |
| 181 | |
| 182 extern state_machine *make_malloc_state_machine (logger *logger); | |
| 183 extern state_machine *make_fileptr_state_machine (logger *logger); | |
| 184 extern state_machine *make_taint_state_machine (logger *logger); | |
| 185 extern state_machine *make_sensitive_state_machine (logger *logger); | |
| 186 extern state_machine *make_signal_state_machine (logger *logger); | |
| 187 extern state_machine *make_pattern_test_state_machine (logger *logger); | |
| 188 | |
| 189 } // namespace ana | |
| 190 | |
| 191 #endif /* GCC_ANALYZER_SM_H */ |